<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<h2> DNSRecon包装说明</h2><p style="text-align: justify;"> DNSRecon提供执行的能力： </p><ul><li>检查所有的NS记录区域传送</li><li>列举一般DNS记录给定域（MX，SOA，NS，A，AAAA，SPF和TXT） </li><li>执行常见的SRV记录枚举。顶级域名（TLD）扩展</li><li>检查通配符解析</li><li>蛮力子域名和主机A和AAAA记录中的一个域和单词表</li><li>对于给定的IP范围或CIDR执行PTR记录查询</li><li>检查缓存记录A，AAAA和CNAME记录在一个文本文件中提供的主机记录列表的DNS服务器来检查</li><li>枚举在使用谷歌的本地网络枚举主机和子共同的mDNS记录</li></ul><p>资料来源：DNSRecon自述<br> <a href="https://github.com/darkoperator/dnsrecon" target="blank">DNSRecon首页</a> | <a href="http://git.kali.org/gitweb/?p=packages/dnsrecon.git;a=summary" target="blank">卡利DNSRecon回购</a> </p><ul><li>作者：卡洛斯·佩雷斯</li><li>许可：GPL第二版</li></ul><h3>包含在dnsrecon包工具</h3><h5> dnsrecon - 一个强大的DNS枚举脚本</h5><script id="asciicast-31190" src="https://asciinema.org/a/31190.js" async="" type="text/javascript"></script><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="a3d1ccccd7e3c8c2cfca">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# dnsrecon -h<br>
Version: 0.8.7<br>
Usage: dnsrecon.py<br>
<br>
Options:<br>
-h, --help Show this help message and exit<br>
-d, --domain Domain to Target for enumeration.<br>
-r, --range IP Range for reverse look-up brute force in formats (first-last)<br>
or in (range/bitmask).<br>
-n, --name_server Domain server to use, if none is given the SOA of the<br>
target will be used<br>
-D, --dictionary Dictionary file of sub-domain and hostnames to use for<br>
brute force.<br>
-f Filter out of Brute Force Domain lookup records that resolve to<br>
the wildcard defined IP Address when saving records.<br>
-t, --type Specify the type of enumeration to perform:<br>
std To Enumerate general record types, enumerates.<br>
SOA, NS, A, AAAA, MX and SRV if AXRF on the<br>
NS Servers fail.<br>
<br>
rvl To Reverse Look Up a given CIDR IP range.<br>
<br>
brt To Brute force Domains and Hosts using a given<br>
dictionary.<br>
<br>
srv To Enumerate common SRV Records for a given<br>
<br>
domain.<br>
<br>
axfr Test all NS Servers in a domain for misconfigured<br>
zone transfers.<br>
<br>
goo Perform Google search for sub-domains and hosts.<br>
<br>
snoop To Perform a Cache Snooping against all NS<br>
servers for a given domain, testing all with<br>
file containing the domains, file given with -D<br>
option.<br>
<br>
tld Will remove the TLD of given domain and test against<br>
all TLD's registered in IANA<br>
<br>
zonewalk Will perform a DNSSEC Zone Walk using NSEC Records.<br>
<br>
-a Perform AXFR with the standard enumeration.<br>
-s Perform Reverse Look-up of ipv4 ranges in the SPF Record of the<br>
targeted domain with the standard enumeration.<br>
-g Perform Google enumeration with the standard enumeration.<br>
-w Do deep whois record analysis and reverse look-up of IP<br>
ranges found thru whois when doing standard query.<br>
-z Performs a DNSSEC Zone Walk with the standard enumeration.<br>
--threads Number of threads to use in Range Reverse Look-up, Forward<br>
Look-up Brute force and SRV Record Enumeration<br>
--lifetime Time to wait for a server to response to a query.<br>
--db SQLite 3 file to save found records.<br>
--xml XML File to save found records.<br>
--iw Continua bruteforcing a domain even if a wildcard record resolution is discovered.<br>
-c, --csv Comma separated value file.<br>
-v Show attempts in the bruteforce modes.</code><h3></h3><h3> dnsrecon用法示例</h3><p>扫描域<b><i>（-d example.com），</i></b>使用字典来暴力破解的主机名<b><i>（-D /usr/share/wordlists/dnsmap.txt），</i></b>做一个标准的扫描<b><i>（-t STD），</i></b>输出保存到一个文件<b><i>（-xml dnsrecon.xml）：</i></b> </p><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="592b36362d1932383530">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# dnsrecon -d example.com -D /usr/share/wordlists/dnsmap.txt -t std --xml dnsrecon.xml<br>
[*] Performing General Enumeration of Domain:<br>
[*] DNSSEC is configured for example.com<br>
[*] DNSKEYs:</code><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
